Blesta Addons Posted December 2, 2017 Report Share Posted December 2, 2017 after upgrade to v4, i have noticied that no one can add two factor identification, i have tested with a test account , and every time i get The one-time password entered is invalid. Quote Link to comment Share on other sites More sharing options...
0 Tyson Posted December 4, 2017 Report Share Posted December 4, 2017 I don't think the timezone should have an effect on this issue since the time comparison is relative to UTC. This type of issue usually arises because the server time is no longer synced with the current actual time. For example, if the time is currently 08:00 but your server time is 07:55, the server time is 5 minutes slow, so while clients will generate a OTP based on 08:00, it will be compared against a different OTP from 07:55 by the server. This time drift will cause the OTP to be rejected if it is more than +/- 3 minutes from current time. activa 1 Quote Link to comment Share on other sites More sharing options...
0 Blesta Addons Posted December 2, 2017 Author Report Share Posted December 2, 2017 i was able to add it in chrome !!! but we can't login from client login page, and every time we enter the onetime code we get The one-time password entered is invalid. Quote Link to comment Share on other sites More sharing options...
0 Blesta Addons Posted December 3, 2017 Author Report Share Posted December 3, 2017 in other blesta installation it work, it has a time set to UTC +00:00 (UTC) . the otehr installation the time set to UTC Africa/Casablanca . is this can be the issue? as i don't see any date conversion in Users->addOtp() . Quote Link to comment Share on other sites More sharing options...
0 Blesta Addons Posted December 4, 2017 Author Report Share Posted December 4, 2017 all our new clients cannot use the two factor identification, they all receive the error "The one-time password entered is invalid." test in all browsers and no effect . the old account also if they logout the can't login again and they recieve a invalid onetime password . Please is urgent and trivial. Quote Link to comment Share on other sites More sharing options...
0 Tyson Posted December 4, 2017 Report Share Posted December 4, 2017 Is your server time accurate? If it's off by even a couple minutes the one time password will not be accepted. Quote Link to comment Share on other sites More sharing options...
0 Blesta Addons Posted December 4, 2017 Author Report Share Posted December 4, 2017 2 hours ago, Tyson said: Is your server time accurate? If it's off by even a couple minutes the one time password will not be accepted. i checked and i found the server time is also set to Africa/Casablanca. what pist or debug i need to do? now a lot of claim from clients, they can't access their account, Quote Link to comment Share on other sites More sharing options...
0 Blesta Addons Posted December 5, 2017 Author Report Share Posted December 5, 2017 13 hours ago, Tyson said: For example, if the time is currently 08:00 but your server time is 07:55, the server time is 5 minutes slow, so while clients will generate a OTP based on 08:00, it will be compared against a different OTP from 07:55 by the server. This time drift will cause the OTP to be rejected if it is more than +/- 3 minutes from current time. i will check this and return to you. Quote Link to comment Share on other sites More sharing options...
0 Blesta Addons Posted December 5, 2017 Author Report Share Posted December 5, 2017 22 hours ago, Tyson said: For example, if the time is currently 08:00 but your server time is 07:55, the server time is 5 minutes slow, so while clients will generate a OTP based on 08:00, it will be compared against a different OTP from 07:55 by the server. This time drift will cause the OTP to be rejected if it is more than +/- 3 minutes from current time. that was the cause, thanks, resolved . Paul and Tyson 2 Quote Link to comment Share on other sites More sharing options...
Question
Blesta Addons
after upgrade to v4, i have noticied that no one can add two factor identification, i have tested with a test account , and every time i get
The one-time password entered is invalid.
Link to comment
Share on other sites
8 answers to this question
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.